Security In A Process Started With Exec
The php script that processes user input from a form, starts a new process
using exec. In my case, the process may contain arbitrary, user defined
functionality. How do I ensure that that process doesn't do any harm? Is
there a way to define a sort of sandbox that the process can run in, so it
won't be able to access any unauthorized resources, or do some other damage
to the server?
I am running PHP 5.1.2 on Apache 2, on Win XP Pro.
Thanks,
A
Related Forum Messages:
How To Kill Process Started By User?
Let us suppose that a PHP file contains a cycle which will never stop. For example: while ( 2==2 ) { some usage of database; } A user who opens this PHP page runs a time-consuming execution of the cycle. My question is whether this execution will be automatically stopped after the user closes the PHP file (or closes his browser). I suppose that the answer is "No", since PHP is a server-side application. How then can I find such processes and kill them by hand?
Proc_open Hangs When Started Process Crashes
I'm using proc_open to start a process on a Windows XP server. If the process that I start crashes for some reason, the whole PHP parsing hangs. When opening the Task Manager I can see my process still exists, meaning it actually hasn't ended although it crashed. Any ideas how to solve this?
Exec Background Process
I want to have PHP call another process (another PHP script at the moment but it may end up being a binary) in the background and not wait for the process to complete, but rather instantly jump to the next line of code. I've tried things like:
    exec("./script.php &"); // script.php has executable permissions set
    exec("at -f ./script.php now"); // and #!/usr/bin/php at the top of the code
Neither seems to work. They both execute script.php, but both hang around until script.php has completed.
XP Exec Background Process
I was trying to exec a background process on XP using PHP CLI, but could not get it to work. Suppose the command I want to spawn off is "cmd". On *nix, it is as easy as putting an ampersand "&" at the end of the command. I tried the following on XP without it working.
    exec("cmd");
    exec("cmd >NUL");
    exec("cmd /c cmd");
    exec("start /b cmd");
I tried many combinations, but on each one, PHP waits for cmd to exit before continuing. Doing this in Windows Script Host (cscript) is simple:
    Set objShell = CreateObject("WScript.Shell")
    objShell.Run "cmd", 0, False
The "False" parameter causes the Run method to continue immediately without waiting for the command to finish. So I could make my PHP file exec a VBS file that does the actual background execution of my command. The PHP exec documentation says it will not wait if the output of the command is redirected somewhere, but this didn't seem to work for me. If anyone has experience in doing something like this on Windows XP SP2,
EXEC() Runs Process In Background
Exec, shell_exec, system, popen functions all run the process in the background. How can I get it to run the process normally? My code looks like this: <? exec("batch_file.bat"); ?> Am I doing anything wrong?
Error Running Exec() To Kill A Process
Red Hat Linux 7.3, Apache 1.3, PHP 4.3.3 I am trying to create a PHP script to terminate a process that is running on the server. The file and folder permissions are set correctly, but I am getting the error "kill 943: Operation not permitted"; I am running the command "exec ("/bin/kill 943");".
Security With Checkout Process
For the checkout process of an online store... I'm wondering what to do about passing sensitive information between pages. I was thinking of having a 3-step checkout process... If I have a page where they enter their address and phone number and such... is it relatively safe to post that info to another page using a form? Is there anything I should be watching for?
Exec() Security Issue?
For the past couple of days I've been trying to figure out how to get around a problem on our local network where we have a Gopher CSO (phone number) database, which can only be browsed w/ Netscape 4.x. I solved this problem by creating a PHP page that uses a lynx file source dump output and then displays that output. What I'm wondering now is about the security of using the exec() function, since the execution is variable depending on what/who a user is searching for. Here's my code:
    exec("lynx -source gopher://cso.server.edu:105/2?$SEARCH > $page");
where $SEARCH is someone's name, or e-mail, etc. So the question is, am I putting myself at risk that someone would use either ||'s or some other 'escape' characters to send something like rm -r *.* etc. where they could delete all my information? I have a script for CGIs that checks input like this:
    if ($link=~ tr/;<>*|'&$!#()[]{}:'"//) {
        print "Content-type: text/html";
        print "Security Alert! Action canceled.<br>";
        print "Please do not use weird symbols";
        exit;
    }
But I'm not sure how to change that over to PHP.
PHP Security Settings Exec ('chdir ..')
I have the following question. I use exec ('chdir ..'). But on my own computer it says that it's disabled due to security reasons. In php.ini I found a string security = on; I changed it to off, but nothing happens. I use Linux OS. Maybe somebody can help me to enable the exec command.
Exec, Single Quote & Security...
(I'm particularly interested in the security issue - PHP is running on Apache + Linux) I need to pass the result (here $exp) of a form submission to a third-party application using:
    exec("echo $exp | third_part", $arr, $ret);
This $exp may contain a single quote such as in "they're" and, if I'm very unlucky, harmful code for my system. For now I use:
    $exp = "'" . implode("' ' '", explode("'", stripslashes($exp))) . "'";
to be sure to maintain single quotes, and I also expect to avoid some common vulnerabilities (by enclosing them inside '')
Warning: Ftp_exec() [function.ftp-exec]: SITE EXEC Is An Unknown Extension
This is kind of a part II to a question I posted earlier about exec and shell_exec not working. I'm trying to use ftp_exec to execute some simple command:
    $conn_id = ftp_connect("$server") or die ("Cannot initiate connection to host");
    ftp_login($conn_id, "$username", "$userpass") or die("Cannot login");
    $command = 'cd..';
    if (ftp_exec($conn_id, $command)) {
        echo "$command executed successfully";
    } else {
        echo "could not execute $command";
    }
    ftp_close($conn_id);
I'm getting the following error: Warning: ftp_exec() [function.ftp-exec]: SITE EXEC is an unknown extension in /home/urieilam/public_html/work/video/test1.1.php on line 21 could not execute cd.. I have tried other commands as well and get the same. Could this be a security issue or something to do with PHP Safe Mode? I don't know much about commands, shell, etc..
Warning: Exec() [function.exec]:
I'm using PHP Version 5.0.4 in IIS5, Windows 2003. When I execute my script, it gives me the following error: Warning: exec() [function.exec]: Unable to fork [ping 10.8.1.70] in c:\Inetpub\wwwroot\switch.php on line 62 Below is my script:
    <?php
    $line1 = exec("ping 10.8.1.70", $output);
    exit;
    ?>
Getting Started
I am currently attempting to build a site where you can register with your 360 gamertag and then create guilds/clans and whatever. So does anyone have any tips for me on how to even get started?
Started PHP
I gotta admit, for the last four months I've been round other forums, but I've always come back to this one; of course it is the best. I need to get my ideas book up now. I've only been moving from forum to forum because I'm a big, big, big newbie with coding anyway. Right, as you may know, or may have forgotten, a few months ago I wanted to make an MMORPG game, text-based, a Mafia-style game. But as I have realized, I'm not gonna learn some coding (PHP) and be able to make it like that! I will need to learn and research for months and months, I know this! But I really need some good sites to learn from. PHP.net is a good tutorial site, but I'm a real newbie and it's far too complex for me. Maybe I'll get a book and read it. But with some sites I've been on, when reading I get really bored and stop reading and go on to play games. And I know I like coding, because when I was doing some JavaScript I enjoyed doing some alert stuff. I know it's really easy, but I enjoyed making it; I just really don't enjoy learning it. (lol).
Cant Get Started
I've downloaded the PHP installer from php.net. I've installed it on my computer and I want to try it without a server. I'm using FrontPage to create my HTML pages and I want to use it to create HTML pages containing PHP code. Is that available? When I try to do so I don't know how to save it with the .php extension. I also don't know how to browse it: shall I open it with the explorer or just double-click on the file?
How To Get Started In PHP
In general I am a newbie to web design, but am very interested in learning all that I can. I wish I had some kind of formal training, but financially it's just not an option. So I'm trying to learn as much as I can on my own via the internet. So here's my dilemma: I'm creating a family website and want to add a bloggers page. I downloaded what seems to be a pretty cool PHP blog, but since I know nothing about PHP, I don't know what I'm supposed to do with the files. The blog is MyBloggie 2.1.2 if that helps. Can anyone point me in the right direction on how to utilize this?
PHP Security - Some Common Security Pitfalls That Are Inherent In The Language?
I'm working on developing an application in PHP4/MySQL and I've got very little experience with either. Most of my work is in ASP/Access and compiled programs. The app that I'm developing doesn't need to be perfectly secure, but I want to avoid common pitfalls, and I have no idea where to start. From your experience, what are some common security pitfalls that are inherent in the language? I shouldn't have any trouble with program logic being an issue, just stuff that may be PHP specific. (Like the User being able to put anything that they'd like in the QueryString and having that show up as a variable in the script).
Getting Back To Where I Started.
I use a login script and since it's accessible from every page on my site I would like the user to go back to the place where he started. I use a template file in which the login fields are placed and where I call a different .inc for each other page, so it doesn't make sense to hard code the 'gobackurl'. Is there a function to retrieve the page URL from where the user came, or another solution? Let me know.
Problem Getting Started
I was just wondering if anyone can just help me get started with PHP (with My SQL). I've installed these on my home PC (together with Apache web server as a local host), but when I navigate to the "test.php" file in my browser, I just get the file opening in Notepad. I'm sure it was appearing in the browser correctly last week when I tried. Any ideas? I'm pretty sure I've configured the Apache httpd.conf file correctly. My SQL starts on StartUp (showing as a green light in the system tray) so that can't be the problem - and http://localhost is displaying the Apache test page ok in the browser.
How To Get Started With Web Services?
I have a project that would be perfect to use a web services architecture. Although I've never done anything with web services. I've been doing quite a bit of reading on how to create a web service with PHP and I got about 10 different ways to do them. So my question is, what is the absolute best way to create a web service using PHP. Do you know of any good books, article, tutorials, etc. that would help with this issue? I just need to be pointed in the right direction so I can start reading and playing around with them.
Getting Started - Not Quite Working
I've got Apache up and running, also PHP, and edited the httpd.conf and php.ini as recommended (by ricocheting.com). The problem is, as soon as I have a single or double quote, all PHP after that just gets dumped to the browser even though I do of course close the quote.
SESSION STARTED
I'm trying to learn PHP, and when I was installing openbooking I got it installed, and when I type the username and password in it just says Notice: A session had already been started - ignoring session_start() in c:program fileseasyphp1-8wwwsystemsession.php on line 2 Does anyone know how I can get round this?
Getting Started With Functions
I'm trying to tidy up a lot of code that is repeated. For example, I wrote a PHP script that exports data to a PDF file rather messily; there is a lot of repeated code, so as an example, I put the header into a function as such: Code:
A Session Had Already Been Started
I have a permission file I include at the top of each page in my application that I use to do the session_start() and check for the session. I am getting an error that shows on each page though that says: PHP Notice: A session had already been started - ignoring session_start() in C:DATAhtdocsincludespermissionsuniversal.php on line 2 The page runs fine, but the error shows. I tried searching for an answer, but the query in the search box was freaking the site out.
Getting Started With Ajax
I just completed putting up a pretty simple game site that uses PHP for everything (almost everything). The game is open source and written by others. I consider myself a rookie at PHP, and was capable of modifying the game a little bit with some great help from all of the members here. The game constantly sends queries to the database, and then will refresh the screen. I know this is a pretty open-ended question, and I just bought a book to begin reading this weekend. But I am curious about people's thoughts on the difficulty level of incorporating Ajax into existing PHP scripts. Something a PHP rookie should be able to figure out?
Getting Started On Php And Downloading
I would like to learn PHP, and the only language I know is HTML, and I would like to become a designer of web pages, and I see a lot of pages using PHP. I am a novice. I tried downloading it and I can't find it, and what does it mean to have a server on your computer?
Getting Started With PEAR
I have been coding for almost 40 years, but only two months with php. I found www.php.net and it has a lot. I downloaded ZipCodeRange and it called for stuff, including DB.php. I was directed to look at pear.php.net. I did that, and started reading the manual. What I cannot seem to find is how to SIMPLY use this stuff. a - I don't know where to find db.php b - I haven't been able to find an explanation of the syntax (e.g. DB::connect) c - How to actually USE the class. Can someone help me out with some simple instructions to get started? Once I am moving I can take it from there.
Session Expired Or Never Started?
I have some code at the top of each page that says session_start() then checks for a value in the session. If the person never logged in the session is empty and they get bounced to the login page. But if the person has been sat at a normal page for 15 minutes after logging in, session_start() works as if a session ID has not been presented, starts a new session which is empty and the user gets bounced to the login page! I feel like I've missed a step. How can I tell if a user doesn't have a valid session ID because they've never logged in, or whether they don't have a valid session ID because their session has timed out?
Getting Started - Gui And File Organisation
Preamble: I have a lot of my PHP rolling now, and it looks very exciting; so sorry to ask such dim questions, but I wonder if you could point me in the right direction for the following: 1. How do you do loads of user input? It does not look like there are a lot of functions for user buttons and input fields; do you 2. mix PHP with another user GUI input language? I was about to code up PHP inside HTML actions (I'm new to HTML too!) 3. How do you organise your files, and make functions able to skip across them?
Sessions Started Going Weird.
I installed WAMP server on my PC, and started coding as always. I noticed that sessions started going weird. I declare a session in page1 for example, I echo it in page2 after a form submission ... all goes fine ... then click a link on page2 leading to page 3 ..... the session is no longer valid. Echoing the session gives NULL. What's wrong? I am using session_start(); in all 3 pages.
Started My Regex Immersion
I started (long time overdue) to take a deep immersion in regex but cannot figure out the answer to some questions. For example: what does that /U stand for? preg_replace('/<a.*href="([^"])/U', '../$1', $url); Does it regard only the first uppercase character, or all uppercases, or something else? I found a way to grasp the concept: 1) Trying to understand the tutorialsSSS (so many!) 2) And when writing or reading a sample, I read it but translate it into pure English; if it does not make sense or does not seem to be logical then something has got to be wrong.
How To Get An Unix Programmer Started On Web Programming?
I've done lots of programming for CAD, which was basically C/C++ and tcl/tk. Now, we are thinking about introducing more web based tools, programming them ourselves and right now the toolchain we think about is apache/oracle/php. Now, I can do oracle no problem but I'm pretty wet behind the ears about everything else. What books could you recommend to me so that I can learn:
- what all this apache stuff is about, the mod_*
- what html or xml looks like, what a css and a dtd is and what I need it for
- session management
- login through active directory
- php
I've thrown my eyes on the php5 and mysql bible (ok it's not oracle but the mysql part is 150 out of 1000 pages and the rest looks good from the table of contents). But what about the other stuff?
Trouble Getting Started With PHP/MySQL On 5gbfree.com
Background: A few days ago I was browsing <www.free-webhosts.com>, specifically <http://www.thefreesite.com/Free_Web_Space/>, where it lists <http://www.5gbfree.com/> which allows 3GB of Web space plus 10 MySql databases! I tried to get an account there, but I can't see the letters in the box (CAPTCHA) because my access is text only. (Details of my situation: <http://www.rawbw.com/~rem/NewPub/mySituation.html>) But earlier today I briefly got full net access at a local computer lab that was just about to close for the day, so I was able to complete my registration. I now have my own 5gbfree.com site. I was able to create a database called test1, a user called self, and set up privilege for that user to use that database, except I have no idea how to check if it really worked, because my test script doesn't work:
    <?
    $user="calrobert_self";
    $password="...";
    $res = mysql_connect(localhost,$user,$password);
    echo "res = $res<br>";
    $database="test1";
    @mysql_select_db($database) or die( "Unable to select database $database");
    mysql_close();
    ?>
It returns an empty result from mysql_connect, and it dies unable to select the database test1. I tried to join the newbie forum they have, but it requires javascript, which isn't available here. I did a Google search to try to find any previous mention of 5gbfree, but there's nothing except spam from a user that apparently has been terminated from 5gbfree because when I try to connect to that user's Web site I get redirected to 404.php and from there to the main greeting page for 5gbfree.com. So does anybody know anyone who already has an account on 5gbfree.com who could tell me how to diagnose the problem I'm having with PHP/MySQL access? Or just somebody with general PHP/MySQL
ObNit: No, my password isn't "...". I omitted it here for obvious reasons. But in the actual script the correct password is there, AFAIK, I don't know how to verify that the password I set up matches the password I'm trying to use in this PHP script.
I tried changing the password in the script to be incorrect, but the result is the same, null result (printing as empty string, i.e. nothing printed at all there) in $res. I also changed the $user to be a bogus value, and still there's no change in the output. I have no idea whether it's failing to find the user, or failing to match the password, or failing to find the database, or failing to allow that user to get access to that database.
Suddenly Started Running Slow!
So the other day, I was fiddling with the php.ini file on my web server trying to figure out why my 30mb file wasn't uploading, so I started changing some settings and then tried to upload my file again... Out of nowhere, the PHP script started taking forever to execute! You can see it here: ....
How Would Php Security Compare To Java Security?
I just want to know how PHP security would compare to Java security. It's because my officemate and I are developing a site which would handle confidential documents and we just can't decide on whether we should use PHP or Java. Please do post your opinions regarding this, and it would be even better if you could also post links to write-ups about PHP security.
Security - What Security Dangers Should I Be Aware Of?
I am quite new to PHP but I have managed to write a simple page create script. So far the script does not have any user input. It does open/write files and it also accesses my MySQL database. No variables are passed from script to script either. My question is, what security dangers should I be aware of? My other question is, can you download a php file and view the contents?
Warning: Session_start() [function.session-start]: Cannot Send Session Cache Limiter - Headers Already Sent (output Started At
I found a wonderful Captcha script and it works wonderfully, except when I use include to put it into another file... I get this error message: Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/user/public_html/index.php:12) in /home/user/public_html/securimage.php on line 386 After some short research here it appears that this happens because there is already HTML output in the main page.. I am using the include function to add it (the form) to the regular index.php page.... Do I need to add something in the headers to prevent this? Code:
Process ID
I am starting a process with the system command via a php page. I want to put a button on the same page which will let the user kill the process by clicking that button. To do this, I need to know the process ID. I could grep for it, but that also returns the grep command. How can I make PHP tell me the process ID of a process I started? It seems as if this would not be a problem but I guess I am missing something.
Getting Your Own Process ID
I am doing some work where I want to do locking, and prevent scripts from running in parallel. I see that I could use the semaphore mechanism, but I'd like for my code to be portable, and that extension is not enabled in many places. I need some way for a process to uniquely identify itself. It can then look at the storage container (flat file, DB, whatever is appropriate in context), check to see if the requested semaphore is available, and if it is, acquire it and then mark itself as the owner. It can then check that it did in fact get ownership (as opposed to another process which attempted to acquire it at the exact same moment) before proceeding. Code:
Process Name
How do you send a variable with a php process name? I have one script that different websites are running in the background. I want to be able to identify which website is running which process of the script.
    /usr/bin/php /home/thescript.php - domain1.com
    /usr/bin/php /home/thescript.php - domain2.com
Run Process In Background
I want to run a process from my PHP script in the background. I tried different functions from the functions list but all of them wait for the process to end. How can I run `wget -b ...` and finish my script, while wget keeps working? I use PHP5, Linux, Apache2.
Multithread A Process
Can I use PHP to multithread mail() or something similar? In my company I need to send multiple copies of email to a few hundred people affiliated and on my list. Instead of calling mail over and over again I would like to thread this process. Could someone point me to some documentation or perhaps an example of where to start with this?
Fetch & Process
I'm doing a straightforward webpage fetch and saving it to a file: CODE:
    $open = @fopen($url, "r");
    $urlfile = @fread($open, 50000);
    @fclose($open);
    $page = split("",$urlfile);
    $datafile = fopen($tempfile, 'w');
    foreach ($page as $line) {
        echo($line);
        fwrite($datafile,$line);
    }
    fclose($datafile);
So I basically just write the fetched HTML line by line to a local file. The weird thing is I'm getting a bunch of ^M characters in the final file after every $line is written to the file.